Approved changes feed: RSS · Atom
cpe:2.3:a:advantech:iview:5.7.04:*:*:*:*:*:*:*
part: a version: 5.7.04 update: *
| Vendor | Advantech (fedf766b-bee1-5692-bcc7-1aa8d9dc594c) |
|---|---|
| Product | Iview (f0610ca1-bf61-509d-b5cf-0da264e1d26f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-52335 |
vulnerable | 2026-06-03 14:53:39.234304 |
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability
HIGH (7.5)
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863.
Published: 2024-11-22T20:05:15.175Z
Updated: 2024-12-05T19:32:34.015Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.