CVE-2023-29047

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 2, 2023
Updated: Jan 12, 2024
CWE ID 89

Summary

CVE-2023-29047 is a vulnerability that affects multiple products, including jmedRx, jmedRw, and jmedRz. It was caused by insufficient validation and sanitization of client input in the Imageconverter API endpoints, allowing for the injection of arbitrary SQL statements. This vulnerability could be exploited by an attacker with access to the adjacent network and potential API credentials to read and modify database content accessible to the imageconverter SQL user account. There are no publicly known exploits for this vulnerability. The base severity of this vulnerability is rated as MEDIUM, with a base score of 5.3 according to CVSS:3.1. The confidentiality impact is rated as HIGH, while the integrity impact is rated as NONE. It is recommended to remediate this vulnerability by implementing proper input validation and sanitization mechanisms in the affected products' API endpoints.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-29047 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options