Possible SQL Injection Vulnerability in appendEscapedSQLString of DatabaseUtils.java

CVE-2023-40121 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
