CVE-2024-13955

CWE-89SQL Injection3 documents3 sources
Severity
9.4CRITICAL
EPSS
0.2%
top 59.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ABB Aspect-enterpriseABB Matrix SeriesABB Nexus Series
Timeline
PublishedMay 22

Description

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages3 packages

CVEListV5abb/nexus_series3.*
CVEListV5abb/matrix_series3.*
CVEListV5abb/aspect-enterprise3.*

🔴Vulnerability Details

2
CVEList
SQL Injection 2nd Order2025-05-22
GHSA
GHSA-hrcg-68ff-5vg7: 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials becom2025-05-22
CVE-2024-13955 (CRITICAL CVSS 9.4) | 2nd Order SQL injection vulnerabili | cvebase.io