← back
CVE-2020-14497

CVE-2020-14497

EPSS 4.9%CWE-89
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 4.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Jul 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
Affected products
n/a · Advantech iView

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01https://www.zerodayinitiative.com/advisories/ZDI-20-827/https://www.zerodayinitiative.com/advisories/ZDI-20-828/https://www.zerodayinitiative.com/advisories/ZDI-20-830/https://www.zerodayinitiative.com/advisories/ZDI-20-832/https://www.zerodayinitiative.com/advisories/ZDI-20-833/https://www.zerodayinitiative.com/advisories/ZDI-20-835/https://www.zerodayinitiative.com/advisories/ZDI-20-836/https://www.zerodayinitiative.com/advisories/ZDI-20-837/https://www.zerodayinitiative.com/advisories/ZDI-20-838/https://www.zerodayinitiative.com/advisories/ZDI-20-839/https://www.zerodayinitiative.com/advisories/ZDI-20-842/