Description
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
Published: 2026-05-20
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw. Based on the description, it is inferred that an attacker with either no authentication or only limited privileges can inject malicious SQL statements into the InfoScale VIOM web application. By manipulating input parameters, the attacker can gain higher privileges than intended through the application’s database interactions. This flaw is classified under the standard SQL injection weakness, CWE-89.

Affected Systems

Systems running InfoScale VIOM before version 9.1.3 are affected. The vulnerability is present in the web application interface that typically accepts user-supplied data without proper sanitization. Admins and service accounts that interact with the affected components are at risk of unintended privilege escalation.

Risk and Exploitability

The flaw carries a high risk because it permits privilege escalation without requiring local access. The attack vector is inferred to be remote via the web interface, as the description states "remote attackers". The CVSS score of 6.5 indicates moderate severity, but the consequence is still severe. The EPSS score is not provided and the issue is not listed in KEV, but immediate attention is still warranted based on the verified remote exploitation potential.

Generated by OpenCVE AI on May 20, 2026 at 21:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade InfoScale VIOM to version 9.1.3 or later where the SQL injection vulnerability is fixed.
  • Configure firewall rules or an API gateway to restrict access to the VIOM web application to trusted networks and authorized users only.
  • Implement input validation and parameterized queries in any custom code that interacts with the VIOM database to prevent similar injection issues in the future.


Advisories

No advisories yet.

History

Wed, 20 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title InfoScale VIOM Remote SQL Injection Privilege Escalation

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title InfoScale VIOM Remote SQL Injection Elevates Privileges
Weaknesses CWE-269

Wed, 20 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title InfoScale VIOM Remote SQL Injection Elevates Privileges
Weaknesses CWE-269
CWE-89

Wed, 20 May 2026 16:45:00 +0000


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T17:51:40.835Z

Reserved: 2026-05-08T00:00:00.000Z

Link: CVE-2026-44923

Vulnrichment

Updated: 2026-05-20T17:51:36.968Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T17:16:24.013

Modified: 2026-05-20T20:16:40.010

Link: CVE-2026-44923

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T21:30:36Z

Weaknesses