CVE-2023-42284

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 89

Summary

CVE-2023-42284 is a blind SQL injection vulnerability affecting Tyk Gateway version 5.0.3. An attacker can exploit it by passing a crafted SQL query through the api_version parameter, which allows them to access and dump the database. The base severity is rated critical, with a base score of 9.8 out of 10. The attack vector is the network, and no privileges or user interaction are required. The vulnerability poses a high risk to organizations because it has a high impact on both integrity and confidentiality. To remediate it, organizations should update Tyk Gateway to a patched version that addresses this issue.
