CVE-2023-52096

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

S

teVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.

References

Link	Resource
https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8	Product
https://github.com/steve-community/ocpp-jaxb/issues/13	Exploit Issue Tracking
https://github.com/steve-community/steve/issues/1292	Exploit Issue Tracking Vendor Advisory
https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8	Product
https://github.com/steve-community/ocpp-jaxb/issues/13	Exploit Issue Tracking
https://github.com/steve-community/steve/issues/1292	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type	Values Removed	Values Added
References	~~() https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8 - Product~~	() https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8 - Product
References	~~() https://github.com/steve-community/ocpp-jaxb/issues/13 - Exploit, Issue Tracking~~	() https://github.com/steve-community/ocpp-jaxb/issues/13 - Exploit, Issue Tracking
References	~~() https://github.com/steve-community/steve/issues/1292 - Exploit, Issue Tracking, Vendor Advisory~~	() https://github.com/steve-community/steve/issues/1292 - Exploit, Issue Tracking, Vendor Advisory

Information

Published : 2023-12-26 23:15

Updated : 2024-11-21 08:39

NVD link : CVE-2023-52096

Mitre link : CVE-2023-52096

CVE.ORG link : CVE-2023-52096

JSON object : View

Products Affected

steve-community

ocpp-jaxb

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-52096", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T23:15:07.947", "references": [{"url": "https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/steve-community/ocpp-jaxb/issues/13", "tags": ["Exploit", "Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/steve-community/steve/issues/1292", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/steve-community/ocpp-jaxb/issues/13", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/steve-community/steve/issues/1292", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records."}, {"lang": "es", "value": "SteVe Community ocpp-jaxb anterior a 0.0.8 genera marcas de tiempo no v\u00e1lidas, como las del mes 00 en determinadas situaciones (como cuando una aplicaci\u00f3n recibe un Open Charge Point Protocol de StartTransaction con un par\u00e1metro de marca de tiempo de 1000000). Esto puede provocar una excepci\u00f3n de SQL en las aplicaciones y puede socavar la integridad de los registros de transacciones."}], "lastModified": "2024-11-21T08:39:09.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00CEA40C-5001-4C81-A9C8-45DA784BBEEA", "versionEndExcluding": "0.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}