CVE-2023-40787
published 2023-08-29

CVE-2023-40787: In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.

Priority P267 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 19.38% (97.0th percentile)

Affected

1 range
Vendor | Product | Version range | Fixed in
bladex | springblade | |

Detection & IOCs (extracted from sources)

  • CVE-2023-40787 affects SpringBlade V3.6.0 — detect SQL injection attempts where user-supplied parameters are submitted without quotation mark wrapping in SQL query contexts
  • CVE-2023-40787 is also attributed to Juniper Secure Analytics (JSA Series Virtual Appliance) as an SQL injection vulnerability with a CVSS score of 9.8 — monitor JSA Series appliances for anomalous SQL query activity
  • CVE-2023-40787 is attributed to SpringBlade V3.6.0 in the NVD source, but the Check Point report attributes the same CVE to Juniper Secure Analytics (JSA Series Virtual Appliance). These may be conflicting attributions or a CVE assignment error; verify the correct affected product before deploying detections.