Vulnerability Description
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Oaklouds Openid | >= 2.0, < 2.0-54 |
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daefThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4327-50e99-1.htmlThird Party Advisory
- https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daefThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4327-50e99-1.htmlThird Party Advisory
FAQ
What is CVE-2021-22851?
CVE-2021-22851 is a vulnerability with a CVSS score of 9.8 (CRITICAL). HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
How severe is CVE-2021-22851?
CVE-2021-22851 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22851?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Oaklouds Openid.