CVE-2019-1010201 - OpenCVE

Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jeesite	Jeesite

Configuration 1 [-]

cpe:2.3:a:jeesite:jeesite:1.2.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-23T17:07:14

Updated: 2024-08-05T03:07:18.482Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010201

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-23T18:15:14.457

Modified: 2019-07-24T15:17:29.377

Link: CVE-2019-1010201

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jeesite", "vendor": "Jeesite", "versions": [{"status": "affected", "version": "1.2.7 [fixed: 4.0 and later]"}]}], "descriptions": [{"lang": "en", "value": "Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later."}], "problemTypes": [{"descriptions": [{"description": "SQL Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T17:07:14", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010201", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jeesite", "version": {"version_data": [{"version_value": "1.2.7 [fixed: 4.0 and later]"}]}}]}, "vendor_name": "Jeesite"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java", "refsource": "MISC", "url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.482Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010201", "datePublished": "2019-07-23T17:07:14", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.482Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jeesite:jeesite:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "93B2F451-C602-49A6-99C7-7DB5C74C5EE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later."}, {"lang": "es", "value": "Jeesite versi\u00f3n 1.2.7 est\u00e1 afectado por: Inyecci\u00f3n de SQL. El impacto es: divulgaci\u00f3n de informaci\u00f3n confidencial. El componente es: hay una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java. El vector de ataque es: conectividad de red, autenticado. La versi\u00f3n corregida es: 4.0 y posteriores."}], "id": "CVE-2019-1010201", "lastModified": "2019-07-24T15:17:29.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T18:15:14.457", "references": [{"source": "josh@bress.net", "tags": ["Third Party Advisory"], "url": "https://github.com/thinkgem/jeesite/blob/master/src/main/java/com/thinkgem/jeesite/modules/act/dao/ActDao.java"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}