CVE-2020-13505: SQL Injection
First published: Thu Sep 24 2020(Updated: )
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aveva Edna Enterprise Data Historian | =3.0.1.2\/7.5.4989.33053 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-13505.
What is the severity of CVE-2020-13505?
CVE-2020-13505 has a severity level of 9.8 (critical).
What is the affected software for CVE-2020-13505?
The affected software is Aveva Edna Enterprise Data Historian version 3.0.1.2/7.5.4989.33053.
What is the impact of CVE-2020-13505?
CVE-2020-13505 allows unauthenticated SQL injection attacks, which can result in data compromise.
How can I fix CVE-2020-13505?
To fix CVE-2020-13505, it is recommended to apply the latest security patches or updates provided by Aveva for the Edna Enterprise Data Historian software.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/aveva
- canonical/aveva edna enterprise data historian
- version/aveva edna enterprise data historian/3.0.1.2\/7.5.4989.33053