SQL Injection Vulnerability in DCE Mass Configuration Settings

SQL Injection Vulnerability in DCE Mass Configuration Settings

CVE-2023-37197 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.