CVE-2023-3763 - OpenCVE

A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intergard	Smartgard Silver With Matrix Keyboard

Configuration 1 [-]

cpe:2.3:a:intergard:smartgard_silver_with_matrix_keyboard:8.7.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/?ctiid.234448
https://vuldb.com/?id.234448
https://youtu.be/XlRVwWXpv4w

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-07-19T07:00:05.033Z

Updated: 2024-08-02T07:08:48.996Z

Reserved: 2023-07-18T19:29:58.633Z

Link: CVE-2023-3763

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-19T07:15:09.007

Modified: 2024-05-17T02:27:46.550

Link: CVE-2023-3763

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3763", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-07-18T19:29:58.633Z", "datePublished": "2023-07-19T07:00:05.033Z", "dateUpdated": "2024-08-02T07:08:48.996Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-23T17:37:37.701Z"}, "title": "Intergard SGS SQL Query cleartext transmission", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "affected": [{"vendor": "Intergard", "product": "SGS", "versions": [{"version": "8.7.0", "status": "affected"}], "modules": ["SQL Query Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Intergard SGS 8.7.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente SQL Query Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-07-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-07-18T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-07-18T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-08-09T16:16:49.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hiagomoura (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.234448", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.234448", "tags": ["signature", "permissions-required"]}, {"url": "https://youtu.be/XlRVwWXpv4w", "tags": ["exploit", "media-coverage"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:48.996Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.234448", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.234448", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://youtu.be/XlRVwWXpv4w", "tags": ["exploit", "media-coverage", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intergard:smartgard_silver_with_matrix_keyboard:8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "92528C7D-5612-4DFC-BB5F-D1CE1F276820", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2023-3763", "lastModified": "2024-05-17T02:27:46.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-07-19T07:15:09.007", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.234448"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.234448"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://youtu.be/XlRVwWXpv4w"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "cna@vuldb.com", "type": "Secondary"}]}