CVE-2024-53007

Medium

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an…

mitre·CWE-648·Published 2025-01-31

CVSS

6.4

EPSS

0.00

KEV

Exploits

cve.orgen

146 chars

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

NVDen

146 chars

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

Bentley Systems ProjectWise Integration Server anterior a 10.00.03.288 permite la ejecución no deseada de consultas SQL por parte de un usuario autenticado a través de una llamada API.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:T/RC:C
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N/E:P/RL:T/RC:C
3.1	Secondary	NVD	6.4	1.1	4.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N